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1 Project Information 


1.1 Project Overview 


1.1.1 Back ground & Context 

People Hub is a system envisioned by Government of Andhra Pradesh, comprising of resident 
demographic and socio-economic data. People Hub and its components help achieve accurate 360° 
view of resident data and link core data of residents with their socio-economic data to improve service 
delivery, accountability, and decision making. People Hub provides a framework for linking residents 
with different departmental schemes and programs. 

The existing AP State Residents Data Hub (APSRDH) has largely been able to meet the needs of 
various departments today. However, the hub may have to be upgraded significantly in order to fulfil 
vision of e-Pragati. For example: The projected number of services that use the hub is much higher 
than what it is today, therefore, the people hub should support easy scalability. 

1.1.2 Business Drivers 
The key drivers for People Hub are: 

1. Need to achieve 360 degree view of State residents. 

2. Realizing e-Pragati Vision 

3. Enabling seamless resident data exchange between departments 

4. Preventing misuse of benefits (enrolling multiple times, non-existing beneficiaries). 

5. Creating fool-proof authentication mechanism to ensure scheme benefits reaches eligible 
beneficiaries. 

Building robust beneficiary payment transfer mechanism and reducing processing costs and instances 
of non-delivery of funds. 
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1.2 Project Objectives 


The People Hub shall serve the following objectives: 

a) Establish and maintain a repository of the People data relating to the residents of the State. 

b) Provide data services to the departments and agencies of the Government, relating to seeding 
of Unique People ID in their databases, authentication of beneficiaries of schemes with 
reference to the People Hub and cleansing, updating and validating their databases. 

c) Facilitate creation of a wide-range of People Hub-enabled applications that leverage all the 
benefits envisaged through use of unique Identity of residents, including transfer of social 
benefits. 

d) Develop MIS Reports for planning and decision-support. 

e) Play a pivotal role in the realization of the Vision of AP State Enterprise Architecture, by 
providing reliable and quality Resident Data 

f) Provide a secure, inclusive mechanism for People to enroll and consume Government services. 

g) While meeting the aforementioned objectives, it is very important to leverage functionalities 
offered by existing SRDH. Therefore, People Hub shall aim to reuse APSRDH to the extent 
possible. (See Annexure 3 for more details on APSRDH Architecture) 

The following section describes the benefits received by various stakeholdersfrom People Hub are given 
below: 


Stakeholder Expectations from People Hub System 

Residents of the State 

Residents of the State will have their data stored in the People 
hub. They are the primary and most important stakeholder 
group because they are the ones who will be affected the 
most in case of loss or compromise of data 

Departments and Agencies 

of the State Government 

Departments and agencies use resident data in order to 
identify beneficiaries, and provide services. Departments can 
also use the data for investigation, and fraud detection 

purposes 

Departments and Agencies 
of the Central Government 

Central government agencies may use resident data for 
delivering benefits, or fraud/crime investigation 

Banks and Financial 

Institutions operating in the 
State 

Banks and Financial institution may use people date for 
checking loan eligibility, dispersing funds, or for identifying 
financial status of residents 

Rural Area Service 

Providers 

Service providers use resident data to deliver services to 
residents, particularly in rural and remote areas. Panchayats 
can make use of resident data to ensure that schemes meant 
to benefit people reaches intended target group 
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Entrepreneurs under the 

Scheme of Common Service 

Centre 

Entrepreneurs may use people data to identify potential 
customers for their business 

Private Institutions 

Private institutions, particularly operating in the areas of 
Healthcare, Finance, Education and Social Services can use 
resident data to deliver services to residents, and also 
participate in government schemes. 

AADHAAR Authorized 

Agencies 

AADHAAR Authorized Service Agencies (AUAs), Authorized 
User Agencies (AUAs), KYC Service Agencies (KSAs) and 

KYC User Agencies (KUAs) operating in the State will be 
responsible for handling resident data, and ensuring that they 
are protected and secured. In short, these agencies are few of 

the custodians of resident data 

Business correspondents of 

commercial banks 

May use resident data to identify target customers and 
business opportunities.The ecosystem of technology 
companies, device manufacturers, solution providers, 
innovators and start-ups.They provide Software and Hardware 
solutions to People Hub ecosystem 
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2 Scope of Work 


APTS through this tender document invites proposals from competitive bidders to be the “System 
Integrator (SI)” who have similar implementation experiences. The objective of this RFP is to develop 
applications for the identified portfolio of new services and integrate with the applications of existing 
services of short listed departments. System Integrator has to Design, Develop / Customize the 
application, Train, Handhold and Roll-out the people hub application to provide Operations & 
Maintenance (O & M) services for a period of three years post “Go Live”. 


2.1 Scope of the Project 


The implementation of the projectshall be completed in<TBD> commencing from the date of award of 
contract to the SI and will be followed by <TBD>of Operation and Maintenance (O&M) phase. 


The information contained within this RFPrepresents some of the high level requirements which are 
needed for experienced Application specialists to design a detailed and prescriptive Application 
Integration Architecture and to implement it on a suitable Integration platform/suite. The proposed 
Government Integration Architecture/Platform would then be used to integrate all the departmental 
applications. It will also serve as a guidance/blueprint for all future solution developments efforts at 
government which requires integration with other applications both within Government and externally 
with Government’s partners. 


The following outlines major activities to be carried out by the selected bidder are stated below: 

Implementation: 

1) Project Planning and Management 

2) Development of People Data HubApplication for the identified services 

a) System Study 

b) SRS preparation 

c) Design, Development, Customization, Testing and Deployment of People Hub Application at 
SDC for the new services and integrated services. Also, SI has to prepare a localization 
framework to provide bilingual (English &Telugu) facility 

3) IT infrastructure assessment, procurement, installation,customization, data center hosting, disaster 
recovery 

4) User Acceptance Testing (UAT) of People Hub application. 

5) Provide support for STQC Certification and C-DAC/TDIL Certification of the People Hub 
Application. SI has to fix all the defects / bugs as pointed by STQC and C-DAC / TDIL audit. 

6) Operations and maintenance of entire People Hub System environment (Service delivery, Software 
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& Hardware warranty & maintenance support) for the duration of<TBD> from “Go-Live” date. 

7) Deliver all necessary project documents such as User Manual, SRS, SDD, Integration plan, 
Deployment plan, System testing plan and test cases, roll out plan and application support plan etc. 

8) Capacity Building / Training 

a) Prepare and organize training programs to user departments (Deliverer, Controller & End-user) 

b) Prepare user and operation manual to each department whose services will be hosted people 
hub application services platform. 

c) Provide facility for Online Help to logged in users. 

9) Design & execution of change management, training & communication strategy for successful 
implementation and operation 

10) Operation & Maintenance (O&M) for the duration of<TBD>after launch of People Hub application 
state wide.Day-to-day maintenance of the People Hub application 

Integration: 

Integration of People Hub application with all the applications spread across Government 

1) Creating a strategy to integrate execution with department applications 

2) PHID seeding into the departmental databases. 

Smart Pulse Survey 

1) SPS data would be able to seamlessly integrate into People Hub Database, whenever it is made 
available 

2) People Hub database would provide the required data to the app in handheld devices used by SPS 
representative. 

Notes: 

1) The Bidder has to prepare the work plan based on the state specific situations and dynamics in 
concurrence to IT E &C, APTS, to execute the project keeping in mind the current scenario/ 
progress of the core Infrastructure. 

2) Refer Annexure 1 for details of Smart Pulse Survey 

2.2 Resource Deployment 

One of the important factors that would determine the success of the People Hub implementation in 
the state of Andhra is the continuous availability of domain experts like Project Manager, Integration 
Specialist, Enterprise Architect, Database Administrator, Change Management Expert, and Solution 
Architect. 

The SI is expected to provide technical and operational support for the complete duration of the 
project. The SI should provide minimum of 8 key resource personnel listed below apart from the 
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regular Programmers and Test engineers as mentioned below 


Roles 

Responsibilities 

Project Manager 

• Primary contact for e-PragatiPMU for all the execution related 
activities 

• Responsible for reporting to client and monitoring progress 

• Develop a project plan for this effort that integrates with the e- 
Pragati EA project plan mentioned in the RFP 

• Track and report on project progress, maintain issue register, 
coordinate and schedule meetings 

• Develop weekly progress reports 

• Work closely with e-Pragati PMU to solve any conflicts that 

arise 

• Be the communication channel between the e-Pragati PMU 

and Vendor team 

• Overall project management and control 

• Control of the system life cycle from the design through close 
of the system 

• Plan, direct and control allocation of all project resources 

MDM Solution Architect 

• Provide technical clarifications on the deliverables to the e- 
Pragati PMU team 

• Develop detailed data models 

• Identify complete set of metadata and master datasets 

• Take part in the integration, stress and user acceptance 
testing carried out at Client location 

• Provide clarifications and bug fixes during Warranty support 
phase 

• Responsible for the Overall Solution of the Project 

• Review of HLD & LLD artefacts 

• Creation of the Traceability Matrix between the artefacts 

Integration Architect 

• Defining the Integration Framework for People Hub integration 
with Department applications, and PHID Seeding strategy 

• Defining strategy for integrating People Hub Data and Smart 
Pulse Survey data 

• Ensure technical implementation of services as per the People 
Hub reference architecture, SOA patterns, and adherence to the 
SOA Governance process 
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Project / Technical Lead 

• Overall responsibility of Design & development effort 

• Lead the design & development team 

• Create coding standards and guidelines and perform frequent 

code reviews 

• Incorporate the feedback from the QA team as well as the e- 
Pragati PMU to ensure all requirements are fully met 

• Timely delivery of the product 

Database Administrator 

• Application Database Design and Administration 

• Managing the databases of the proposed People Hub system 
including those kept at the data centre, and DR site. 

• He / She shall be also responsible for data backup, database 

fine tuning, online synchronization of the database instances 
kept at DC and DR, etc. 

Test Lead 

• Prepare test plan and cases for final testing 

• Report all test results to Project Manager 

• Organize the testing activities 

Business / Functional 

Analyst (Govt. Domain) 

• Provide Functional Inputs to the development Team 

• Review the Traceability Matrix 

Developers 

• Execute the activities assigned by the Project Manager 

• Carry out the assigned design / development / customize / 
configure activities 

• Adhere to standards and schedules 

• Report the status to Project Manager 


Operations and Maintenance (O & M) Support: 

The System Integrator is responsible for the day to day maintenance of the system for the entire period 
of effective date of contract,post “Go Live”. SI shall provide:- 

1. Annual Technical Support (ATS) for all the licensed software 

2. Providing Help desk support with Ticket generation mechanism and Escalation matrix for 
resolution of registered complaints. 

3. Adherence to SLAs as per adopted standards, (refer Standards Document) 
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3 Functional Requirements 


Minimum functional requirements are given below 


S. No. 

Functional Requirements Description 

1 . 

People Hub shall comprise following main components: 

a. The People Hub Database 

b. People Hub Data Services System 

c. People Hub Application Services System 

2. 

The People Hub shall provide the data support required for the other two subsystems namely, 
the People Hub Data Services System and the People Hub Application Services System. 
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3. 

People Hub shall maintain a centralized resident repository of Demographic and socio¬ 
economic data. The following data should be captured 

Basic resident data: 

a. Citizen identification number 

b. ID type 

c. Name 

d. Father’s Name 

e. Date of Birth or Year of Birth 

f. Gender 

g. Address 

h. Postal PIN code 

i. Photo 

j. State Residency Status 

k. GIS Latitude coordinate 

l. GIS Longitude coordinate 


And, Socio-economic data: 

a. Social Category 

b. LPG/Water / Electricity Consumer numbers 

c. Ration Card Number 

d. Mobile Number 

e. Status of Housing 

f. Status of ISL 

g. Members of the Family 

h. Education 

i. Employment 

j. Disability, if any 

k. Land held 

l. Livestock 

m. Vehicle & Driving License number 

4. 

People Hub should create and maintain one and only one unique People Hub id for every 

resident in the state 

5. 

People Hub should allow residents to register up to 5 photo ids and 5 proof of address 
documents, and use photo ids as citizen identification number. 

6. 

The hub should be flexible enough to allow Biometric authentication and Aadhaar based 
validation for select departments only 

7. 

Where biometric and Aadhaar information is not available or not allowed to be used, People 
hub shall implement best available alternatives, and may leverage Unique People Hub id, 
OTP based authentication, challenge questions, etc. 
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8. 

People Hub shall reuse data in AP SRDH and departmental database to the extent possible. 
Where necessary, data quality improvement algorithms shall be applied to create a clean, 
golden version of the record. 

9. 

The People Hub shall establish the IT and network infrastructure to enable it to discharge its 
responsibilities efficiently, complying with the relevant Service Level Agreements. 

10. 

The People Hub shall establish a comprehensive Information Security Management System 
(ISMS) in compliance with the International and National Information Security Standards. 

11. 

People Hub System shall publish or register Data and Application services as web services to 
e-Highway and enable real-time/near real-time integration 

12. 

People Hub shall make Application and Data services available for consumption by batch 

services 

13. 

People Hub shall provide following Application Services 

• Resident Information Services 

• Aadhaar Authentication Services 

• Beneficiary Eligibility Check Services 

• Beneficiary Verification Services 

• Service delivery tracking services 

• Accountability and Vigilance Services 

• Verification Services 

• Scheme enrolment, and disenrollment services 
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14. 


People Hub shall provide following data services for select applications and departments 
only. 

a. Seeding of Aadhaar in their databases. 

There are two types of seeding - Organic and Inorganic (Annexure 2), and the People 
Hub data services shall support both. 

b. Periodic update of data from UIDAI (Update Services) 

c. Authentication Services which includes: 

i. Type 1 Authentication - Through this offering, service delivery agencies can use 
Aadhaar Authentication system for matching Unique People ID and the 
demographic attributes (name, address, date of birth, etc.) of a resident. 

ii. Type 2 Authentication - This offering allows service delivery agencies to 
authenticate residents through One-Time-Password (OTP) delivered to resident's 
mobile number and/or email address present in CIDR. 

iii. Type 3 Authentication -Through this offering, service delivery agencies can 
authenticate residents using one of the biometric modalities, either iris or 
fingerprint. 

iv. Type 4 Authentication - This is a 2-factor authentication offering with OTP as one 
factor and biometrics (either iris or fingerprint) as the second factor for 
authenticating residents. 

v. Type 5 Authentication - This offering allows service delivery agencies to use 
OTP, fingerprint & iris together for authenticating residents 
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15. 

People Hub Application Services System shall provide the following application services: 

a. Application for Establishing Identity - This application shall have the following 

modules: 

i. Authentication of beneficiaries for enrolling them to schemes, and programmes. 
Aadhaar based authentication for ePDS scheme 

ii. Confirming identity of beneficiary at PoS. Aadhaar based confirmation for ePDS 

iii. Convergence/Aggregation service - PHID enabled convergence of beneficiary 
information across departments and schemes 

b. Enhancing Efficiency in Service Delivery - This application service shall have the 
following modules: 

i. Tracking Service Delivery - Enables tracking of a benefit or a request for benefit 

on an end-to-end basis. 

ii. Accountability and Vigilance - Enables strengthening of accountability in 
activities relating to audit, inspection and vigilance through Aadhaar-based, and 
Non-Aadhaar authentication of the concerned officials along with time-stamping 
and GPS tracking. 

iii. Empowering Beneficiary - Enables: 

1. Beneficiaries access government schemes in an integrated manner, to 
know all their entitlements 

2. Status of their current entitlements 

3. Lodge grievances 

This module must be made available on portals such as MeeSeva and MeeKosam 

c. Verification of address and demographic details - This application shall have the 
following modules: 

a. Address verification 

b. Verification of age and date of birth 

c. Propagating information about change of address to all concerned departments 

d. e-KYC services - This application shall provide instant, electronic, authentic data 
on: Date of birth, Age, Gender, Address and other basic information about a 
beneficiary to agencies or departments using 

1. Biometric authentication (for select departments only) 

2. OTP on mobile app 

3. OTP on website 

16. 

People Hub shall provide report generation functionality for planning and decision support. For 
example, department specific: 

1. Seeding progress report 

2. Demographic data verification progress reports 

3. Cancelled PHID report 

17. 

People Hub shall provide user access management at different levels 
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18. 

People hub should be able to apply various matching algorithms to identify duplicates, and 
consolidate resident information across various departments in the state. 

19. 

People Hub should be able to apply Enterprise data lifecycle management policies for Data in 

the hub 
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4 Technical Requirements 


S. No. 

Technical Requirements 

1 . 

Adopt Web-services Architecture and Service Oriented Architecture 

2. 

Leverage relevant e-Governance Frameworks like SSDG, NSDG 

3. 

Adopt relevant Industry standards like XML, JMS, SOAP and WSDL 

4. 

Compliance of relevant e-Governance standards 

5. 

Easy integration with middleware 

6. 

People Hub shall be able to interoperate and connect with applications deployed on 
heterogeneous platforms viz. AIX, HP-UX, Sun Solaris, Windows, Linux etc. 

7. 

Relational Database support 

8. 

Reusability - Services should be reusable 

9. 

Extensibility, ability to add new functionality without requiring major changes to the 
existing components 

10. 

Loose coupling, no direct form of communication between end systems except via 
published interfaces 

11. 

People Hub should support the following integration security standards: 

• Authentication 

• Authorization 

• Encryption 

• Secure Conversation 

12. 

It shall adopt to Information Security Management System as per ISO 27001 
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5 Non Functional Requirements 


5.1.1 Scalability 


S. No 

Requirements Description 

1 . 

People Hub should be able to scale up storage and processing of storing and authenticating 
demographics, biometrics and Iris of population of AP 

2. 

People Hub should provide for scale-up on the CPUs, servers and storage in a horizontal 
fashion 

3. 

People Hub should support to achieve horizontal scalability (number of databases, users, 
connections etc.) 

4. 

People Hub should be able to scale up multiple terabytes in decentralized and centralized 
environment through “horizontal” sharing of data sources instead of depending on a central 
database server 

5. 

People Hub must be scalable so that it will continue to function as data sets change in size. 
Scalability capabilities must include: 

a. Utilization of load sharing capability as provided by the underlying technical infrastructure 

b. Utilization of system virtualization capability as provided by the underlying technical 
infrastructure, and 

c. Processing of operations in parallel on a single and/or multiple hosts as necessary 


5.1.2 Performance 

The People Hub shall establish IT and network infrastructure to enable it discharge its responsibilities 
efficiently, complying with the relevant Service Level Agreements.Since People Hub is extensively used 
by most of the applications in the state, and many of them use it in real-time, performance becomes a 
critical element. 

5.1.2.1 Response Time 

Response time is the period between when the user invokes a service and gets response on the 
screen. The following table gives expected response times for different categories of services 


S. No 

People Hub Services 

Response Time 

1 . 

User Authentication and Authorization 

< 1 Sec 

2. 

Services that just retrieve data 

< 2 Sec 

3. 

Services that retrieve and/or manipulate data 

< 4 Sec 

4. 

Aadhaar based services/Biometric Services 

< 6 Sec 


5.1.2.2 Transactions per second 

Number of transactions per second supported by People Hub - >= 500 TPS 
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5.1.2.3 Concurrent User Support 

The new state-wide enterprise architecture will contain around seventy applications, and about seven 
hundred and fifty services. Most of these applications will require resident information. Besides, the 
applications can be either on premise or cloud-based. At the minimum, People Hub must support to all 
these applications and services. 

Expected key concurrent user support requirements are captured below: 

1. Max number of users of People Hub Services per day-1 crore 

2. Number of applications that can be serviced by People Hub at the same time - 60 (approx.) 

3. Number of services that can be serviced by People Hub - 600 Services 

4. Number of concurrent users - 10000 ( assuming about 20 sec per transaction on an average) 


5.1.3 Availability 


S. No 

Requirements Description 

1 . 

Servers - People Hub shall ensure that Application, and Data servers are made available as 
set norm. People Hub may apply techniques such as clustering, load balancing, ensuring 
fewer restarts, Plug and Play hardware and software support, replication, Horizontal and 
Vertical auto scaling etc. 

2. 

Storage - People Hub shall ensure that adequate storage is available to meet needs to peak 
demand over an extended period of time. Techniques such as redundant storage, Object 
Storage, backups using SAN, Storage provisioning may be used. 

3. 

People Hub shall ensure high availability of the following applications. In particular, 
Authentication and Authorization services shall be made available 100% of the time. 

a. Authentication and Authorization services 

b. Data services 

c. Application services 

4. 

People Hub shall ensure high availability of its Operating System 

5. 

People Hub shall ensure high availability of its infrastructure components 

6. 

People Hub system shall support load various options including balancing and clustering, 
where applicable, to ensure high availability of the system 

7. 

People Hub shall ensure that all IT and non-IT components shall be available in order to meet 
the required availability level 

8. 

People hub is a central system to refer critical records of it’s citizen hence need to be 
available for 99.99% time. 
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5.1.4 Reliability 

People Hub shall be a robust reliable system with a consistent performance in terms of: 


S. No 

People Hub Services 

1 . 

Quality of Data 

2. 

Quality of Service 

3. 

Meeting Service SLAs 

4. 

Availability 

5. 

Security 


5.1.5 Manageability 

People Hub is required to cater to stakeholders across the state accessing it from multiple points and 
through multiple channels. Hence the manageability of this system is essential to ensure effective 
monitoring and timely resolution of any issues surrounding performance, availability and security 

5.1.6 Software Maintainability 

A system should be easy to manage and maintain. Which means maintenance effort must be less. 
Good software development practices, automating and reusing code, reducing lines of codes, and 
adapting modular architecture are recommended for improving manageability. People Hub shall ensure 
that the system software is easily maintainable. 

5.1.7 Usability 

People Hub shall describe solutions capability to support multiple user interfaces and any limitations to 
the ability to support major web browsers (i.e. Internet Explorer, Firefox, etc.) with a minimum of one 
version of backward compatibility from the last version release. 

5.2 Business Domain Requirements 
5.2.1 Audit 

Logging and Exception management will help in tracing and troubleshooting specific problems. Logging may 
be required for fulfilling regulatory requirements as well. A Robustapplication will contain dual-purpose logs 
and activity traces for audit and monitoring, and make it easy to track a transaction without excessive effort 
or access to the system. 


S. No 

Requirements Description 

1 . 

People Hub shall maintain log of all transactions that take place in the hub. 

2. 

Logs should be written once and be readable on multiple devices in a secure manner 
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3. 

Logs should be backed up periodically to a permanent storage 

4. 

People Hub shall develop and apply Data Lifecycle policies to the Log files 

5. 

People Hub shall ensure security and confidentiality of Log data 

6. 

Logs should be useful for debugging, error reconstruction, and attack detection 

7. 

Logs shall capture audit trails to a secure location 

8. 

Exception messages shall ensure that no unintended information, which could compromise 
data, is displayed 

9. 

People Hub shall always be fail safe 


5.2.2 Personalization 

If data is captured in local language only, then People Hub must have capability to translate them to 
English and process along with other data. 

5.2.3 Search Capabilities 

People Hub maintenance portal shall have capability to search using key words associated with People 
Hub. Typical search items include - documents, manuals, reports, procedure, technical and functional 
specifications etc. 

5.2.4 Customization 

A COTS or a Cloud based solution may require significant amount of customization to meet the 
requirements of People Hub. In general, lower the customization, better it is from the point of view of 
maintenance, support, and cost. The following aspects of customization must be considered 

1. Business Rules Customization (Particularly for Authentication and Authorization service) 

2. Workflow Customization 

3. Report Customization 

5.2.5 Security, Access Control, and Privacy 


S. No Requirements Description 


People Hub e-Pragati Requirements © Government of Andhra Pradesh 
Specifications 


Page 22 of 59 













1. 

The following principles govern the assurance of the privacy of personal information: 

a. Notice —residents should be given notice when their data is being collected. 

b. Purpose —data should only be used for the purpose stated and not for any other 

purposes. 

c. Consent —data should not be disclosed without the resident’s consent. 

d. Security —collected data should be kept secure from any potential abuses. 

e. Disclosure —residents should be informed as to who is collecting their data. 

f. Access —residents should be allowed to access their data and make corrections to any 

inaccurate data. 

g. Accountability —residents should have a method available to them to hold data collectors 
accountable for not following the above principles. 

2. 

Personal information can only be processed in the following circumstances only: 

a. for specified explicit and legitimate purposes and not in a way incompatible with those 
purposes; 

b. when processing is necessary for the performance of a task carried out in the public 
interest; 

c. when processing is necessary for compliance with a legal obligation; 

3. 

Personal information may be processed only insofar as it is adequate, relevant and not 
excessive in relation to the purposes for which they are collected and/or further processed. 

4. 

The personal information must be accurate and, where necessary, kept up to date. Every 
reasonable step must be taken to ensure that personal information which is inaccurate or 
incomplete, having regard to the purposes for which they were collected or for which they are 
further processed, is deleted or rectified. 

5. 

The personal information in the custody of the People Hub or any other body, which is a part 
of the People Hub, shall not be transmitted to any other body or person without the appropriate 
legal authority. 

6. 

Encryption requirements must be identified and applied where relevant. For example: 

Passwords 


5.2.6 Environmental Requirements 

People Hub shall support production, pre-production, testing and development environments in line with 
best practices. This will ensure that quality of the software is maintained, and a standard procedure for 
software change deployment is enforced. Other benefits include - reduced production incidents, early 
identification and resolution of defects, reduced data security incidents etc. 

The pre-production, test, and development environment shall mirror production environment, and 
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efforts must be made to keep them in synch. However, data in production and pre-production shall not 
be replicated to test as is, or if it has to be replicated, exceptions will have to be obtained and non¬ 
public information be scrubbed. 

5.2.7 Configuration 

Configuration of a COTS product incorporates business rules, workflows, best practices and standard 
procedures of the government into the COTS product. Configuration in line with the strengths of COTS 
product ensures real value from it 
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6 Security Requirements 


People Hub information assets and operations should follow the well-defined Information System 
Security policy. Governance system should be in place to track and audit the system with respective to 
security policy adherence. To achieve the objective of Information system security policy the following 
information security processes will have to be considered and followed: 


Component 

Comment 

Identification 

the process of distinguishing one user from all others 

Authentication 

the process of identifying the identity of the user 

Authorization and Access control 

the means of establishing and enforcing user rights and 
privileges 

Administration 

the functions required to establish, manage and maintain 
security 

Audit 

the process of reviewing and monitoring activities that enables 
the reconstruction and examination of events to determine if 

proper procedures have been followed for all of the above 


6.1.1 Key Security Considerations at the Application & Database level 

To maintain information security during transaction the developed application should support both 
HTTP and HTTPS (SSL certificate to be deployed by the vendor on the Web/ Application Server for the 
entire project duration). The Application/Database must have integrated security/ monitoring features 
with the following: 


S No. 

Details 

1 

LDAP integration of seamless access and batter control on user management 

2 

Firewall to filter unauthorized sessions/traffic 

3 

Intrusion Prevention System to detect/prevent unauthorized activities/sessions 

4 

Server-to-server communication encryption 

5 

Secured/ encrypted storage of data/ data elements in the Database & DB Backups 

6 

Comprehensive logging & audit trail of sessions and transactions 

7 

Clear definition of Roles and Users 

8 

Define Role-wise add/ edit/ view/ delete rights for each Entry Form/ Report in all modules 

9 

Digital Time and User Stamping of each transaction 


6.1.2 Key Security Considerations at the Network / Transport level 
The following are key security considerations at network and transport level: 
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Component Comment 


Network Link Encryption 
(IPsec) 

Need to put a network layer security with encrypt IP packets by IPsec as 
main protocol and routers encrypt and decrypt unnoticed by higher 
layers 

Encrypted HTTP 
session using SSL 
(HTTPS) 

Transport Layer Security should be used and implemented by encrypt 
sessions and messages with the help of SSL. It can control the 
communication between web browser and server and entities identified 

by connections, port numbers 


6.1.3 Application Layer Security 


Component Comment 


Message Format 

Application layer security should be added to standard message formats 
(e.g. S/MIME) 

Authentication 

Authentication of sender and data should be in place 

User keys/password 

Enforcement of end users keys and password should be in place 

End-to-end security 

End to end application layer security should be in place 


6.1.4 System must comply with IT Security configurable requirements 


Component Comment 


Multifactor 

Authentication 

Proposed system should supports multifactor authentication like OTP, 

Soft Token, etc. 

Display last login/logout 

System should support to shown the last login/logout details to control 
and self-monitor the security. 

Password criteria 

restrictions 

Password must be complex and should be combination of upper case 
character lower case character and special character 

Password Length 
(Minimum and 

Maximum) 

Password length must be at least 8 character long 

Password change 

interval 

Password must have change mandate and should be asked for change 
after 30 or 45 days 

Password change 
history (password 
cannot be repeated) 

Changed password must not be reused for at least past 5 password for 
high security 

Login session timeout 

login session must be timeout every ideal 2 minutes interval to avoid 
miss use of logged in systems 

Disallows concurrent 

login sessions 

Security and auditing required to blocking for concurrent login sessions. 
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Component 

Comment 

Allows password 
encryption during 

transmission 

Encryption must be in place during password transmission for reset user 
password 
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6.1.5 Security Review 


S No. 

Details 

1 

The People Hub developed/customized shall be audited by the agency from a security and 
controls perspective. Such audit shall also include the IT infrastructure and network deployed 
for the project. Following are the broad activities to be performed by the Agency as part of 
Security Review. The security review shall subject the solution to the following activities. 

2 

Audit of Network and Application security mechanisms 

3 

Assessment of authentication mechanism provided in the application /components/modules 

4 

Assessment of data encryption mechanisms implemented for the solution 

5 

Assessment of data access privileges, retention periods and archival mechanisms protected. 

6 

Application security features incorporated etc. 

7 

Application Security mechanisms should be accessed in compliance with the IT Act 2000, 
2008 Amendment and IT rules 2011, such that it maintains data/information Integrity, 
Confidentiality, Non-repudiation. 

8 

Audit of Security mechanisms so that they are in compliance with the latest Guidelines by 
Controller of Certifying authority (CCA), IT Act, and IS027001. 

9 

Gap assessment of certain controls like say ISO 27001 and section 43, 47, 66, 69, 79, 84 
and 87 of IT ACT amendment 2008 and decide how the sensitive data from a data centric 
stand point is to be protected. 

10 

Overall security of the solution including installation and management of Antivirus solution for 
protection of all the servers and systems implemented for the project, application of 
updates/patches etc. The antivirus patches have to be updated and applied from time to 
time, after appropriate testing of the patches in the staging area. 
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7 Operational Requirements 


7.1 People HubOperational Requirements 

7.1.1 Training Plan 

First, training need analysis of all key stakeholders has to be done and then training plan will have to be 
developed in line with overall project plan. Given below are high level requirements of Training plan. 


1 

Stakeholders shall be trained on user screens, basic functionalities, navigating screens, and 
operations that can be performed, as relevant to user types 

2 

Where necessary, relevant case studies may be given 

3 

Basic IT Skills, using cloud based application, and other basic training may be given on a 

need basis. 

3 

Detailed training plan shall be created, and training material shall be prepared and distributed 
to the participants 

4 

Training plan shall include details like participant names, training location, date, and time. And 
all necessary arrangements shall be made to enable smooth running of sessions 

5 

At the end of training sessions, assessments will have to be performed in order to evaluate 
the level of understanding of the participants. Assessments may be in the form of quiz, tests, 
or real-life simulation. All necessary arrangements, including preparation of test materials, 
administering tests, and evaluating test reports must be planned and done in advance. 


7.1.2 Training Deliverables 
The required training should have below: 


S No. 

Details 

1 

Training Plan 

2 

Training Manuals, User Guides and Materials 

3 

Documented Evidence of Successful User Training 


7.1.3 Necessary Training 

To provide necessary Training to GoAP department users and all stakeholders on 


S No. 

Details 

1 

Proposed Integration processes 

2 

The products and services of the people hub 
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S No. Details 


3 

The Information security and their relevance and importance to the department data 
confidentiality 

4 

Knowledge of departmental systems, operational procedures etc. 

5 

System Administration training to IT Operation Management Team 


7.1.4 Training Responsibility & Duration 

The SI would have to adhere to the ‘Capacity Building and Change Management Plan’ provided by 
APTS. 

Training shall introduce the GoAPresources on systems, procedures and processes in an elaborate 
manner. The actual requirement of training may be assessed while implementing the people hubservice 
and will be decided mutually by Government designated team and vendor. Concept of Trainer’s 
Training program will be organised by Government designated team to train the trainers of the SI on 
people hubproducts and services, processes etc. 

The expected duration for the training is 10-15 days. Based on the training need, people hubSI has to 
develop the training material. SI would have to maintain the repository of the material and would have 
to train service agents on account of general expansion or attrition. Trainings which are not related to 
functionality of the process and client applications would have to be provided by the SI itself; this will 
include soft skill training, technical training on general application usage and applications provided by 
vendor. 

7.1.5 Change Management Plan 

Change management initiative shall focus on addressing key aspects of project including building 
awareness among stakeholders. Change management shall also include development and execution of 
communication strategy for stake holders. 

Change management workshops shall be planned and conducted based on needs of various 
stakeholders of people hub. Key considerations for Change management process are given below: 


1 

Impact assessment - In the light of changes, how are current functioning, Org structures, 
roles and responsibilities are impacted. 

2 

Assess change readiness - How ready departments and stakeholders are? Are there 
potential blockers? Stakeholder issues and concerns etc. 

3 

Design change management approach - This is to come up with an optimal way of 
implementing people hub ( Phases, pilot groups etc.) and time frames 

3 

Develop change plan - This includes creating plan, identifying milestones, developing benefit 
tracking mechanisms 

4 

Method for ensuring a successful change management program 
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5 

Communication and planning 

6 

Define change governance - including appropriate decision making and review structures 

7 

Lessons Learned regarding change management challenges as they will impact this project 


A special consideration will have to be given to Change communication strategy, planning and 
execution Given below are recommended steps are listed below: 


1 

Conduct a Baseline Communication Assessment 

2 

Develop and validate Communications Strategy 

3 

Develop and Validate Communication Plan 

3 

Implement Communications Programs 

4 

Measure Results of Communication plan 

5 

Adjust Communications Program 


7.1.6 Service Delivery Requirements 

The Vendor agrees to provide Services to people hub,conforming to the specified Service Levels, which 
will ensure: 


S No. 

Details 

1 

Delivery of speedy and efficient services to the Citizens, and the people hub users in 
relation to all the related services 

2 

Train the existing department users/employees to assist them discharge their duties 
effectively and efficiently 

3 

Encourage and help to improve the adoption rate for the usage ofthe people hub services, 
by employing traditional as well asinnovative techniques. To that end, implement 

measures: 

a. for making it convenient for users to utilize the services, 

b. educating the users in the relevant procedures 


To meet the aforesaid objectives the vendor will provide the ServiceLevels in accordance with the 
performance metrics as more particularlydescribed in Nonfunctional requirement’s performance 
section. 

Vendor should develop the Standard Operating Procedures (SOPs), in accordance with the ISO 27001 
& ITIL standards, for people hub. These SOPs shall cover all the aspects including Infrastructure 
installation, monitoring, management, data backup & restoration, security policy, business continuity & 
disaster recovery, operational procedures etc. The vendor shall obtain sign-offs on the SOPs from the 
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department and shall make necessary changes, as and when required, to the fullest satisfaction of 
GoAP. 

7.1.7 Operations and Maintenance Requirements 

The vendor shall be required to provide operational and maintenance services for people hubincluding, 
all the connected software and integrated components. This section discusses the Operations 
&Maintenance services to be provided by vendor with respect to Application Software & supporting 
^Infrastructure Management. 


S No. 

Details 

1 

There should be a minimum number of System Management Tools required to manage 
and administer the proposed people hub solution. 

2 

Vendor should be able to integrate new systems using people hub in <TBD> time 

3 

Vendors should propose an integrated management solution wherever possible. The cost 
associated with this element of the solution must be provided with line item pricing. 

4 

Vendor should provide the operational support on people hub for next <TBD>. 

5 

An access method is required so trained personnel can perform standard software 
changes and run basic diagnostic checks to the system(s), including the capabilities listed 
in “System Maintenance, Upgrades and Diagnostics”. 

6 

The system(s) must support pre-programming of tasks and be capable of scheduled 
execution at a later time. 

7 

System administration must be accessible via LAN or WAN for those with security 

authorization. 

8 

The proposal must include the equipment, software, and training required, along with a 
description of the software used, for administration. 

9 

The system administrator(s) must be able to build and modify tables and other system 
features; and to print reports concerning such database information. 

10 

The system(s) must be designed so that routine maintenance procedures, troubleshooting, 
loading hardware and software revisions, patches, etc., can be performed without taking 
the system(s) out of service. Routine maintenance functions must be performed without 
causing any downtime for the system users. 

11 

The core system(s) should use self-diagnosing software for detecting and logging of 
component failures. It should have the ability to initiate an alarm that can be sent to the 
support Vendor and the people hub operational technical personnel by phone/SMS and 
email. 

12 

The system management solution must include a mechanism to monitor, measure, and 
troubleshoot system and generate system performance reports. 

13 

Diagnostic reports and software programming should be available remotely (via a browser 
and VPN). 
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S No. Details 


14 

All default passwords for remote programming access must be removed or changed, with a 
summary of changed passwords delivered in writing. 

15 

The Vendor is expected to keep current on changing policies, new funding streams, 
innovations and best practices. In, addition, the Vendor can describe any other value- 
added services it can provide in addition to those specified within the RFP. It is the 
Vendor’s responsibility to inform the State, and enrolled providers if appropriate. 
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8 Acceptance Testing, Audit & Certification 


The primary goal of acceptance testing, audit and certification is to ensure that the people hub system 
meets requirements, standards, and specifications as set out in this document and as needed to 
achieve desired outcomes. The basic approach for this will be ensuring that the following are 
associated with clear and quantifiable metrics for accountability: 

a) Functional requirements 

b) Infrastructure Compliance Review 

c) Availability 

d) Performance 

e) Security 

f) Manageability 

g) SLA reporting system 

h) Project Documentation 

i) Data Quality Review 
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9 Enterprise Architecture 


9.1.1 Business Architecture 

9 . 1 . 1.1 User Scenarios 

Indicative user cases are given below 


SI no 

Use Case 

1 . 

Welfare department using People Hub Services to determine various benefits availed by 
citizens, and also to check their eligibility for certain schemes 

2. 

Departments using People Hub services to authenticate ePDS beneficiaries using Bio¬ 
metric services at Points of Sale 

3. 

Banks using People hub e-KYC (Know your Customer) services before opening accounts 

4. 

Revenue department using People hub to link Land records to right owners, Pattadars, and 
enjoyers etc. 

5. 

Residents using People-Hub Self-service portal to update their address information 

6. 

Colleges using People hub to retrieve student demographic, socio-economic, and digital 
locker information 

7. 

Agriculture department using People hub to retrieve farmer demographic and socio¬ 
economic data, and using data from People hub to get other information like condition of 
farmer’s land, produce, pending loan, and welfare schemes he is part of etc., to provide 
help and advice - economic, expert advice, loan waiver, marketing. 

8. 

Government using People hub data to identify beneficiary and his/her bank account to 
disburse payment 

9. 

EduGov application updating People Hub with student demographic and socio-economic 

data 

10. 

EduGov application using People Hub to retrieve student demographic and socio-economic 
data for enrolment to a course 

11. 

Patients registering themselves in e-Health and availing any-where any-time services 

12. 

Hospitals accessing patient health records through People hub 

13. 

Departments using People Hub id to track status of Citizen service 

14. 

Departments or agencies using People Hub address verification service for verifying 

address of a service consumer 

15. 

Departments using Demographic data verification service to validate date of birth of a 
service consumer 

16. 

Near real-time propagation of demographic data changes/addition in department database 
to People Hub thru Message based Architecture 

17. 

Near real-time seeding of people hub id to department database 
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18. 

Food and Civil supplies department using Aadhaar based accountability and vigilance 
services to maintain traceability of actions taken by officials in PDS distribution chain, and 
ensure that supplies are tracked from point of procurement to point of delivery complete 
with people who are responsible at each stage of the chain. 

19. 

Resident name change event should trigger an approval workflow in concerned 
departments. Upon approval, the new name gets updated in the departmental database. 
Nightly batch will update this in People Hub 

20. 

In the event of death of an individual, health department records will be updated. Upon 
review and approval by authorities, data is transmitted to the hub. The hub will then trigger 
workflow to update this information in various departmental databases, and also certain 
trigger certain common services (disenrollment from benefits, etc.) 

21. 

New born babies are registered in hospitals without names and birth certificates are issued. 
The birth certificate will be linked to parent’s (both) PHID. This data is transmitted to People 
hub where the record resides without a name. Once the baby is given a name, parents will 
visit nearest Help desk centre, produce original birth certificate and update the child’s name. 
People hub is directly updated, and a demography update event is registered. This will 
result in propagation of data to Health department where the medical record is updated with 
child’s name 

22. 

In the event of orphanage, the baby’s identity will be linked to the Orphan home state legal 

ID with other details viz. ascertained date of birth, given name and later be appended with 
adopting parents PHID. 

23. 

Migration - When a citizen migrates to another state, citizen will be able to register new 
address by filling e-KYC or by authorized agencies. Once the address is updated in PDH, 
respective department databases will be updated with state residency status. Alternatively, 
any address update in UIDAI reflecting demography changes or gas connection will also 
update residency status in PDH. If Passport application or change of passport address is 
applied for, state police and home department will be able to update residency status in 

PDH while processing police clearance certificate. 


9.1.1.2 Services 

Given below are People Hub Services portfolio. They can be broadly classified as: 

1. Data Services - Create/Read/Update/Delete (CRUD) Services which can be invoked for Data 
manipulation, and ID seeding- People Hub Id or Aadhaar Id (for select departments only). 

2. Application Services - Given below is an indicative list of People Hub Application Services. They 
are broadly segregated under: 

• Resident Information Services 

o e-KYC service provides an instant, electronic, non-refutable proof of identity and proof 
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of address along with date of birth and gender, 
o Convergence Service provides 360 degree view of the resident across all departments 

• Authentication Services: Provides both Aadhaar (Biometric) and Non-Aadhaar Authentication 
Services (OTP & Challenge Question based) 

• Beneficiary Verification Services: Services used to check if a given beneficiary is eligible for 
enrolling in a given scheme, and also verify him/her at PoS. 

• Service delivery tracking services:enables tracking of a benefit or a request for benefit on an 
end-to-end basis, and provide transparency both to the department and to the beneficiary. 

• Accountability and Vigilance Services:enables to strengthen the accountability in activities 
relating to audit, inspection and vigilance through Aadhaar-based authentication of the 
concerned officials along with time-stamping and GPS tracking. 

• Verification Services: Address and demographic data verification services 

• Scheme enrolment, and disenrollment services: This service will enrol or dis-enrol citizens 
from Department schemes. 
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3. People Hub Internal Services - These are Hub services and manage various key functions of hub 
like match-merge, Life cycle management, Workflow management, unique id management etc. 

People Hub Service Portfolio is illustrated here 
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Exhibit 1 People Hub Services 


9.1.2 Data Architecture 

9.1.2.1 Data Integration View 

The People hub is designed considering requirements of new e-Pragati eco-system, where it is one of 
the core components. It is designed to support a number of applications by providing resident data and 
services. People hub follows co-existence MDM Architecture pattern where resident master data is 
managed by the hub in real-time (or near real-time) but data authoring remains distributed 
(departments) 

The near-real time integration is enabled by Event-based architecture (blue colour arrows in Exhibit 2) 
below). Event based architecture will ensure automatic propagation of changes across all relevant 
departmental databases and the People hub. Two such examples are shown in Exhibit 2. They are: 

1. Real-time seeding of People hub id, and propagation of Demographic data changes to departments 

2. Real-time propagation of Demographic and benefits data from Department databases to the People 
hub 

People Hub must have most current and reliable data. Only then applications can use the data for 
transactions. Therefore, real-time or near real-time data synchronization between Department 
databases and People hub is necessary, at least for certain select data attributes. Event-based 
Architecture will ensure near real-time data synchronization. Besides, batch reconciliation process will 
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load delta departmental records to the hub to keep them in synch. The batch process will also be used 
to load Smart pulse survey data to People hub. 

People Hub application and data services are published to a service directory. A Service broker will 
enable interaction between service requestor and service provider (People Hub) 

e-Highway is a key component in Integration. It supports Event-based architecture by providing 
Publish-Subscribe (Pub-Sub) and messaging facilities, and service oriented architecture by providing 
service directory and broker functionalities. 



Exhibit 2 People Hub Database Integration view 

Key components of People Hub Architecture are described below: 

1. Self-Service PH Application: This application will be used by citizen to change or request for 
changes in demographic data by submitting relevant documents online. 
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2. External Agencies Application: External agencies viz, Banks eKYC, Electricity distribution 
company and other government authorized people facing agencies will be able to access PDH 
services integrated in their own application and shall be able verify PDH records. 

3. People Hub Application Services: People Hub Application Services are portfolio services hosted 
on eHighway. This component expose application services to all department and authorized 
external application. The appropriate application authentication and authorization shall be 
integrated into this component. 

4. People hub data services: Data services are CRUD Services and can be used either by 
applications or Database objects like stored procedures etc. They should not contain business 
logic People hub shall be able to provide data access to application services for referring, 
validating and updating PDH database 

5. PH Database: A repository as single source of truth for citizen’s demographic and socio¬ 
economic data. 

6. People hub Internal Services: 

a. Match-Merge: This service will refer the incoming data from various departments and 
uniquely identify individuals using various department data using specialized algorithms 
and create a 360 degree view of Residents. 

b. Data Life-cycle management: Data lifecycle management service will identify data 
access rate and rank/tier the sparsely accessed records or evaluate citizen living status 
to determine and move records for archiving or deleting. 

c. Metadata Management: This internal service is apply enterprise level metadata rules 
and policies viz. Data type, description, source, defaults, acceptable values, author and 
which sources/applications are authorized to modify data element etc. It will also protect 
the repository from potential errors of maintaining copies of the source metadata by 
accessing up-to-date metadata from all system metadata in real-time. 

d. People hub ID generation and management: This service caters to critical function of 
generation, management, and deletion/recycling PHID in the master table. 

e. Data Quality Services: This service willvalidate, flag, and if necessary substitute default 
values, reformat etc., ensure that the data accessed in automated and interactive ways 
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conforms to the integrity and quality of data. 


7. Smart Pulse Survey (SPS): Smart pulse survey is an initiative by AP government to capture 
records from citizen by conducting door-to-door survey. Representative from government 
department will conduct the door-to-door survey and capture citizen’s data via handheld device 
viz. Tablet PC’s. The smart pulse app will use PH application service to populate demographic 
data and also verify/rectify records in survey database. Data in SPS database will contain a link to 
PH referring PH ID. If necessary, seeding services will be invoked to seed the data this service will 
capture the demographic, socio-economic and biometric records and upload into PDH database 
in real-time. 

8. Staging Area: This component will store the raw heterogeneous source of records and shall 
implement data cleansing rule engine and ETL service to load records as master into PH 
database. 


The departmental databases contains the demographic and socio-economic data. These records will 
be used to populate the PH master data. Departmental records have department specific citizen ID and 
this IDs will be mapped to PHID during the migration phase. Post-migration, all departmental records 
will be seeded with PHID to achieve a uniform identity of each citizen. The departmental databases 
have scheme related records and these records shall also be populated into PH database to achieve 
360 degree view of a citizen. 
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9.1.3 Application Architecture 

9.1.3.1 Logical View 

People Hub Application architecture is illustrated below. Key aspects of the architecture are: 

1. Layered Architecture 

2. Integration is achieved through e-Highway 
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Exhibit 3 People Hub Application Architecture 
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Given belowis a depiction of the Logical Architecture of People Hub. The diagram shows how various components, systems, and sub-systems are 
logically aggregated into 6 main groups. These groups form the core elements of the People Hub. A detailed description of each of the group is 
given below 
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Exhibit 4 People Hub Logical Architecture 
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1. Consumers 


The end users for People Hub are departments (internal) and Agencies/residents and others outside 
the State IT ecosystem (external). The people hub, which contains resident data can be accessed via 
browsers or applications. The user requests are routed to the right service by e-Highway, which also 
ensures that the data is accessed in a secure manner. 

2. Security Layer 

The security layer is to protect the hub and its components from external and internal attacks, and 
ensure that only right people can access right information. This layer is used for Identification, 
Authentication, Authorization, and Secure Batch transmission processes. There is also a mechanism to 
ensure that the both server and client are validated before data is transmitted between them. 

3. Providers 

Providers supply data or services to People Hub. Major providers of People Hub are: 

a. Departments: They provide resident Demographic data 

b. Smart Pulse Survey: Provides resident Socio-economic data 

4. e-Highway 

The e-Highway is one of the major components of the Architecture which provides services like routing, 
translation, Service directory, and repository. This enables Service oriented architecture and loose 
coupling between various components in the State Government eco system. 

This SOA platform will help in data exchange in real-time mode, ease up maintenance and change 
management, and facilitate scalability through aggregation of services. Further, it ensures modularity 
and close alignment of services with business processes. Further elaboration on e-Highway is out of 
scope of this document. 

5. Secure Batch Data Transfer 

PHID data, Pulse survey data, and probably some department level data too, will be transmitted to 
People Hub thru batch ETL process. The batch process should be secure and comply with security 
requirements of APSEA and Information Security Management System (ISMS). 

6. Consumers 

People Hub database will serve as the single source of truth for its data consumers. The broad 
identification of such consumers are Residents of State, Banks and Financial Institutes, Various 
government departments and agencies, Central Government and Agencies, Public Service providers, 
Private institution providing healthcare, education, social services to state residents. 
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9.1.4 Technology Architecture 

9.1.4.1 Network view 

The Exhibit below shows the high level architecture as part of the cloud enabled network architecture. 
The core network layer will be controlled and managed by the service provider. The aggregation layer 
is where People Hub security/data centre services will be split between the DMZ and the core/internal 
network. The access switches are the switches providing physical connectivity to the network devices, 
servers, storage, etc. The compute block is where virtualization works and all servers are part of the 
compute block. Storage and SAN services are also a part of the compute block where integrated or 
custom solutions are provided. The switch and Virtual machines are logical components of the compute 
block. 
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Exhibit 5 People Hub Network view 





































Component Comment 


Internet/ISP 

This is the internet/ISP peering where citizen /consumers/ agencies can access the 
services hosted in the State Data Centre 

Management 

Centre 

The IT team should manage the IT components of the cloud, existing data Centre’s, 
DR from outside the cloud Centre 

DMZ 

DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a 
physical or logical subnetwork that contains and exposes an organization's external¬ 
facing services to a larger and untrusted network, usually the Internet 

Security 

Services 

This is the layer where the core Data Centre network and the DMZ is separated and 
an additional layer of security is introduced. This also forms a part of the perimeter 
security 

Virtual/Compute 

Block 

These are bundled solutions consisting of integrated, tested and validated multi¬ 
vendor server, virtualization, networking and storage resources for the virtual and 

cloud 

Virtual Storage 
Block 

This is the storage virtualization block which is the amalgamation of multiple network 
storage devices into what appears to be a single storage unit 

Disaster 

Recovery 

The DR/BCP site will hold the applications in High availability 

Near Disaster 

Recovery Site 

It will have fiber connectivity with core data Centre and have near real time 
replication enabled. It can help to achieve near zero RTO and RPO. 

AP SWAN 

The connectivity to all the existing Centre’s, offices, and to the Internet will be via the 
existing SWAN network which after the implementation of NOFN will be available at 
the panchayat level 
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9.1.4.2 Deployment View 

The People Hub indicative technology Architecture is shown below: 
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Exhibit 6 People Hub Deployment View 


Component 

Comment 

NAC/ Load 

Balancer 

• Network access control (NAC) restricts the data that user can access, as well as 
implementing anti-threat applications such as firewalls, antivirus software and 
spyware-detection programs. 

• Load Balancer will help to manage the load and provide the scalability for 
increasing backend servers 

• It may provide load balancing services for scalability and availability 

Internal & 

External Firewall 

• All internet traffic would be routed through firewall. 

• The firewall would focus on preventing external users accessing the internal 
network and limiting what internal users can do 

• It would help in improving the integrity of network 

Intrusion 

Detection System 

• Intrusion Detection and Monitoring system is used to detect any suspicious 
activities as well as monitor the network traffic and system activities 
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Component Comment 


Web Servers 

• The Web Servers represent the last point that the Customers can connect to. 

• The web application will determine whether the network traffic needs to be 
forwarded to Transaction Servers or not. This will provide additional layer of 
security. 

T ransaction 

Servers 

• Transaction Servers will handle all on-line transactions for customer registration 
and maintenance, on-line ordering and processing. 

• When customer requests are passed from the Web Servers to the Transaction 
Servers, the Transaction Server will update the customer profile with an order 
number and, for the case of public users, generate a Demand Note to be 
downloaded by Customer. 

Data Verification 
System Cluster 

• Data Verification System should usethe GIS software to support and verify the 
predefined multiple digital data formats in the system. On a need basis, the 
Lands Hub user can use this system to manually perform the following activities: 

a. Verification and maintenance on the source spatial data 

b. Verification and maintenance on the converted PH data 

c. Verification on the CSU data file which is provided by departments. 

Format 

Conversion 

System Cluster 

• The Format Conversion system should be used to perform format conversion 
utilities that run on Microsoft Windows platform for converting PH and CSU data 
into the required formats such as DWG, DXF, DGN and XML etc. 

PH Application 
System Cluster 

• The PH Application System will extract and store a copy of PH data from the 
master set of the current mapping libraries in PH system connected to the 
People Hub DB system. 

People Hub DB 
Cluster 

• People Hub DB Cluster will be core database and should be connected with 
external Storage system 

Identity & Access 

Management 

(IDM) 

• Identity and Access Management would provide Authorization, Authentication, 
Multi-factor authentication, Federation Management Server, Fraud Prevention 
System. It would leverage existing LDAP Directory Services to identify user’s 
credentials. APp Store should contact IDM for multifactor authentication which 
could be an OTP, RSA Soft token or a security question. 

Centralized 

Monitoring 

System 

• Centralized Monitoring System would manage and monitor all enterprise 
systems and IT Infrastructure components. It would provide real time 
alert/notification & dashboard for analysis and performance management. 

External Storage 
(SAN) 

• It is recommended to use an enterprise wide external storage like SAN to keep 
organization level data at centralize place to avail benefits like flexibility, 
availability and performance in accessing application data. 

• SAN storage devices may include tape libraries, and, more commonly, disk- 
based devices, like RAID hardware. 
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Component 

Comment 

Centralized 

Backup Solution 

• People Hub should be connected to Centralized backup system and core team 
can run the backups as per required schedule. 


9.1.5 Security Architecture 

People Hub should be in line with the Enterprise Security Architecture as shown below and will follow 
an organization's security processes, information security systems, personnel and organizational sub¬ 
units, so that they align with the organization's core goals and strategic direction. People Hub should 
have security option to link with key components of Enterprise Security Management are Access 
Management, Identity and Credential Management and Single Sign-On. 
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Exhibit 7 Enterprise System Security Architecture 


Component 

Comment 

Access Manager 

User will be get access as per defined policy 

Application credential 
Mapping 

This application will map the SSO with back end application credentials 

Identity Manager 

Will manage the user identity 

Directory Integration 

This will integrate user credential with Directory Server 

Directory Server 

Collection of User identity and active directory server 

Policy 

Place to defined policy for the system 

Security 

This will enforce the security in systems 
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Component 

Comment 

DB 

Manage the Credential Database 


Exhibit 8 Components of Enterprise System Security Architecture 


9.1.5.1 Access Management 

People Hub should have access management system in place to have option to integrate with existing 
enterprises access management system to provide seamless authentication and authorization solution 
for People Hub at Web/Application and Database level. Access Management system will enables 
enterprise to control user access to protected information and resources. It should provide a wide range 
of built-in authentications and supports external authentications as required in People Hub. Access 
Management Authorization service should allow to provides permit and deny decisions on access 
requests for applications. 

9.1.5.2 Identity and Credential Management 

Expecting high user base for People Hub, who will allowed to access information from the system and 
effectively managing user identities throughout their lifecycle is even more important. System should 
have option to get integrated with automated identity management system to helps enterprises ensure 
the right people can access the right applications and infrastructure. 
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10 Bill of Materials 


The following sections describe minimum bill of materials includes generic, hardware, software and 
service specifications. 


10.1 Generic Requirements 


1. 

The vendor shall provide a single integrated system (comprising of compute, storage, 
networking, and software components) that is optimized and tuned to provide maximum 
performance, scalability, and efficiency for people hub 

2. 

The hardware and software configuration must be built to protect against component 
failures such as disk failures, CPU failures, memory failure, network card failures, and 
system controller failures. 

3 

The proposed system should have an integrated management and monitoring system from 
disk to applications. 

4. 

The proposed system should have a unified patching approach where a single release 
should patch the entire system viz firmware, Bios, OS, Server, Network and system 
software’s. 

5. 

The proposed system should have a high-speed network interconnect between all 
components including application nodes, storage nodes. 

6 

The solution vendor should provide single support to all the people hub components, 
operating system, and hardware. 


• Operating System 

• Virtualization 

• Servers 

• Storage 

• Network 

• Embedded network switching technology 

7 

All hardware components from Server, Storage and networking switch equipment’s should 
be able to provide industrial standard iLoM access for remote and lite-out management for 
Datacenter management efficiency. 

8 

Proposed application server should provide support for certificate management without 
additional software 
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10.2 Hardware Requirements 


The minimum bill of material is as shown below, however the Supplier must perform their own 
assessment in order to meet SLA requirements and successful operation of the system. The following 
chapters provide a snapshot of bill of material required to be in place for the People Hub architecture. 


10.2.1 Sizing Parameters 

Minimum Hardware requirement for People Hub system should be based on the below parameters: 

• Response Time - 

o User Authentication and Authorization < 1 seconds 
o Services that just retrieve data < 2 Sec 

o Services that retrieve and/or manipulate data < 4 Sec 
o Aadhaar based services/Biometric Services < 6 Sec 

• Expected Transactions per second for People Hub Services >500 

• Expected number of Applications supported 60 (Approx.) 

• Concurrent Users - Approximately 1000 (Assuming each transaction takes about 20 seconds on 
an average) 

Proposed solution should be scalable to enhance them as and when required with upgradation of 
component wise hardware like RAM, Processing speed Storage capacity Network etc. 


10.2.2 Hardware 


No. 

Description 

DC Quantity 

DR Quantity 

1 

Database Server 

8 

4 

2 

Application Server 

4 

2 

3 

Portal/Web Server 

4 

2 

4 

Server Load balancer 

2 

1 

5 

Reverse Proxy 

2 

1 

6 

SAN Storage Space 

2TB Usable 

2TB Usable 

7 

HSM and DB encryption device 

2 

1 

8 

SSL VPN 

2 

1 
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Note - 


1. Directory/Antivirus/Backup Server will be used from existing Data center Server 

2. Firewall /Intrusion Prevention System will be used from existing Data center Server 

3. SAN Switch and SAN Storage process will be leveraged by SDC central storage system 

4. Tape Library will be leveraged from existing central backup system, bidder should be procure 
the online client licenses for backup of People hub systems including Application, Web and 
Database servers. 

10.2.3 Server Specifications details for reference 

Hardware is required for 1000 concurrent users 


Process 

Criteria 

Minimum Recommended 

Web Server 
(4 Nodes with 
load balancer) 

Processor 

Dual Xeon E7 V3 2.2GHz 16C/32T or better 

RAM 

64 GB per node 

SAN Storage(Fiber 
SAN) 

300 GB per node 

Network 

4x 1 GB NIC 

Application 

Server 

(2 - 4 Nodes 

Cluster for high 

availability) 

Processor 

2 x Dual Xeon E7 V3 3.0 GHz 16C/32T or better 

RAM 

64 GB per node 

Network 

4x 1 GB NIC 

SAN Storage (Fiber 
SAN) 

600 -800 GB per node 

Database 
Servers 
(4-8 Nodes 
Cluster for HA 
and high 
Compute) 

Processor 

2 x Dual Xeon E7 V3 3.6 GHz 16C/32T or better 

RAM 

128 GB per node 

SAN Storage space 
(Fiber SAN) 

2 TB usable 

Network 

4x 1 GB NIC 


Note - 

1. Near line Site: Supplier should propose solution (including hardware, software, and 
networking) as per following requirement 

a. Zero Data Loss Requirement: Supplier should build Near DR site to achieve RPO as 
Zero Minute and RTO as 6 hours 

b. Server Room Management:Supplier should propose Server Room Management Tool 
for monitoring of RPO & RTO and shall perform Server Room Drill every quarter till 
the time Servers are in their control(3 Years) 

2. Above figures are indicative for initial design and should be scalable for each and every 
level manage higher load for more than 50000 concurrent users in future. 

3. Above indicative size is for physical server which can be replaced by equivalent virtual 
server as per availability. 

4. All other supporting hardware like load balancer, network equipment, backup architecture, 
etc. will be considered by bidder to support for implement and working for the proposed 
People Hub system. 

5. For Data Centre hosting space will be responsibility of bidder and later after 3 years needs 
to be transferred to newly build Data Centre at new Capital. 
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6. For NearDR Site hosting space will also responsibility of bidder and later point of time will be 
migrated to decided place by GoAP after 3 year. 

7. Payment Gateway and SMS Gateway is Supplier responsibility 

10.2.4 Application Software & System Software 


S. No 

Components 

QTY 

1 

Application Software (COTS or Bespok) 

As per Solution 

2 

Operating System 

As per Solution 

3 

Database Server 

As per Solution 

5 

Portal/Web Server 

As per Solution 


10.2.5 Help Desk 


S. No 

Equipment’s 

Units (No.) 

1 

Hand and Head Set 

10 

2 

Any Additional Equipment’s (IPBEX Etc.) 

As required 

3 

Desktop for helpdesk staff 

10 

4 

Phone Connection & line 

As required 


10.2.6 Manpower to Manage DC and NDR and DR on 24 x 7 Basis 


S. No 

Manpower 

QTY 

1 

IT Infrastructure / Data Center Manager 

1 

2 

Database Administrator 

2 

3 

Systems Administrator 

2 

4 

Network Support Staff 

1 

5 

Technical Support Services 

3 
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Annexure 1 - Smart Pulse Survey 



Smart Pulse Survey - 
Approach Documen 
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Annexure 2 - AADHAAR Seeding 


Organic Seeding of Aadhaar: In this method, the Unique People IDs of the beneficiaries are collected 
through a door-to-door survey or at point-of-sale. Alternative methods are collection of Unique People 
ID through IVRS, SMS or drop boxes. Departments with large databases can also engage 3rd party 
service providers. 

Inorganic Seeding of Aadhaar: In this method, the demographic data of the departmental database is 
matched with that of SRDH through a computer algorithm, and wherever the degree of matching 
exceeds a threshold level defined, the Unique People ID of the resident as in SRDH database is 
included in the departmental database. 
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Annexure 3 - SRDH AS-IS Architecture 


In order to make best use of existing resources, and to reduce cost, it is important to understand what 
existing APSRDH has to offer in the context of target architecture. Therefore a study has to be done to 
understand AS-IS Architecture of APSRDH. Given below are key information about the current 
APSRDH Architecture 

AP IT&C department initiated the State Resident Data Hub (SRDH) Project to maintain the consistency, 
efficiency, and transparency to the citizens. The hub was conceived to be a unique citizen database for 
AP Residents to help government implement schemes effectively and efficiently. 

Given the requirements of People Hub and the current architecture of SRDH, it is possible to reuse 
SRDH for People Hub. Given below are some of the key features of SRDH that will be useful for 
developing the People Hub. 


S. No Feature Description 


1. 

Database Structure 

Database contains four major categories of data: 

a. Master Data - Common Master Data e.g. District/Block/Village etc. 

b. User Management Data - Contains user specific data - Role type, user id, password etc. 

c. Department Data - Demographic and transactional data from departments. E.g.: 
Authentication status, Verification status etc. 

UID Data - UID demographic data and transactions. E.g.: Consent Status, Authentication 
Status etc. 

2. 

Standards - SRDH is based on the following standards 

a. Database Standards: 

i. eGovernance Metadata Standards (MDDS) 

ii. Data Access is provided based on user group, and their roles in a department 

b. Data Administration Standards: 

i. DBA standards are established for creating data backup plan and recovery 
procedures, and monitoring and tuning performance of the hub. 

ii. System Administration Standards are established for guiding DBMS installation, 
upgrade, testing, and maintenance processes. 

c. Database Security Standards - IS027001 
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3. 

Services provided by SRDH 

Data Services: 

a. Convergence services 

b. Aadhaar Information service 

Application Services: 

a. Biometric Authentication 

b. Demographic Verification 

c. e-KYC 

d. Beneficiary Authentication (Including bulk authentication) 

e. Citizen profile 

Service Consumed by SRDH ( offered by departments) 

a. Data synchronization service 

4. 

Data Quality Services 

a. Data Cleansing 

b. Data de-duplication 

c. AADHAAR Seeding 

5. 

User management - Multi-level users based on roles and responsibilities. 

6. 

Architecture Overview 

a. Database - A Central database which holds 

i. People Hub Data- UID demographic data 

ii. Master Data - Location master data ( District, Mandal, etc) 

iii. User Management Table - To manage access to data 

iv. Department Tables - contains demographic data from different departments which 
is refreshed every night. Each department will have a separate set of tables. The 
tables also store transaction information like “Approved/ Rejected” etc. The data 
from departments are transformed to e-governance standards 

b. Services - Data and application services are offered as web services through point-to- 
point connections between requestor and SRDH. SRDH consumes services offered by 
departments, and this too happens on a point-to-point basis. The requestor sends 
requests to SRDH using SOAP over HTTP protocol. Based on the service invoked, SRDH 
either processes the requests and sends back responses to the requestor, or forwards the 
request to UIDAI and forwards the response from UIDAI to the requestor. 

c. Data exchange protocol - SOAP / HTTP 

7. Reporting 

a. Fraud data reports 

b. Graphical reports 

c. Aadhaar seeding reports 

d. Data quality reports 
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8 . 


Non-Functional Features: 

a. Availability 

b. Reliability 

c. Manageability (Maintainability) 

d. Usability 

e. Scalability 

f. Performance 

i. Number of Applications Supported 

ii. Number of Service calls per day 

iii. Number of Point-to-Point connections 


9. 


Technical Stack 

Database - Oracle Exadata 
Application - Java based 
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